Posted by: David Harley | October 17, 2018

Another iOS passcode bypass bug

Hacker News: New iPhone Bug Gives Anyone Access to Your Private Photos – “A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.”

See also News update: October 3rd

David Harley

Posted by: David Harley | October 13, 2018

Krebs/Sager interview on supply chain security

Further to the Bloomberg reports previously mentioned here, here’s a fascinating article from Brian Krebs, featuring an interview with Tony Sager. Not at all Apple-specific, but essential reading.

Supply Chain Security 101: An Expert’s View

“Sager said he hadn’t heard anything about Supermicro specifically, but we chatted at length about the challenges of policing the technology supply chain.”

David Harley

Posted by: David Harley | October 11, 2018

Chinese iPhone users – Apple IDs compromised

Technode: Hundreds of Chinese iPhone users are believed to have had their Apple IDs compromised – “Over 700 Chinese iPhone users have inexplicably had money deducted from their Apple ID-bound payment channels, with the highest being RMB 10,000 ($1,440), according to local media.”

David Harley

Posted by: David Harley | October 11, 2018

Another Bloomberg report, another supply-chain issue

In a story from 9th October, Bloomberg tells us of New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom.

“A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.”

The tampering described differs from that in Bloomberg’s previous report. This one describes an ‘implant’ in a server’s Ethernet connector. The communications company has not been named, but the report is based on information from Yossi Appleboum, described as “co-chief executive officer of Sepio Systems”, who suggests that this approach to snooping has been seen in other equipment supplied by China, while Bloomberg compares it to manipulations used by the NSA.

Commentary from The Verge: Tampered Chinese Ethernet port used to hack ‘major US telecom,’ says Bloomberg report.

Whatever the truth of this story, it seems to go far beyond Apple, so it is also published on the AVIEN blog.

David Harley

Posted by: David Harley | October 10, 2018

Android, iOS, and macOS issues

Pierluigi Paganini: Hackers can compromise your WhatsApp account by tricking you into answering a video call

The Register: Rap for WhatsApp chat app chaps in phone-to-pwn security nap flap – “Memory corruption flaw present in Android, iOS builds. Aaand it’s been fixed”


Further to this story: Intel Management Mode – Apple didn’t lock

Thomas Claburn for The Register: Intel’s commitment to making its stuff secure is called into question – ‘In an email to The Register in response to our report about the problems posed by the Manufacturing Mode in Intel’s Management Engine (ME), which if left open leaves processors vulnerable to local attack, Kanthak called Intel’s statement “a blatant lie.”’


MacRumors: Apple Releasing iOS 12.0.1 With Fixes for Wi-Fi 2.4GHz Bug, Lightning Charging Issue [Update: Now Available]


The Register: Pixel 3, 3XL, Slate tab launch: Google emits swanky iPad botherer while tarting up mobes – “The day after Google confessed to almost exposing the private data of hundreds of thousands of Google+ accounts to app developers, the ad giant unveiled perhaps the most-leaked phone in recent memory.”

David Harley
